Kubernetes
For Small Organisations
Ruiwen
Backend Guy
Kubernetes
Is it worth it?
No.
— Angad
Motivations
Main API
Secondary Services
CI/CD Setup
1
3
1
1
couple of analytic dbs, couple of scripts,
dashboards and cron jobs
"Sup."
ChatOps Bot
Lobot
Backend Guy
1
=(
Laziness
Wins
Kubernetes
koo-ber-net-ees
https://twitter.com/francesc/status/487412202932936704
Since Jul 2016-ish
Supporting services migrated
Hopefully production at some point
Currently AWS, but hopefully federated across Azure as well
The Good
Active
Very. Active.
In a Nutshell, Kubernetes...
- has had 36,064 commits made by 1,068 contributors
representing 1,631,392 lines of code
- has a young, but established codebase
-
maintained by a very large development team
with increasing Y-O-Y commits - took an estimated 466 years of effort (COCOMO model)
starting with its first commit in June, 2014
ending with its most recent commit about 1 month ago
https://www.openhub.net/p/kubernetes
Open Processes
Large, active community
Documentation
... exists
...ish
Stability
Is such a Relief!
Resilience
*Just a normal day at work
BOOM!!1!
BOOM!!1!
POW!!1!
POW!!1!
Established Patterns
Less Cognitive Overhead
==
The Bad
Documentation Available
... sort of
http://kubernetes.io/docs/api-reference/v1/operations/
https://github.com/kubernetes/kubernetes/issues/15128
https://github.com/kubernetes/kubernetes/issues/1362
pinch of salt necessary
Persistence and DBs
K8S All the Things!!1!
K8S All the Things!!1!
Persistence Stores
Really Prefer Stability
Persistence clusters really don't like nodes disappearing/reappearing.
Or.. at least redis sentinels don't
Neither do memcached farms
Stable DNS identity only solves part of the problem, but not when dealing directly with IPs
The Ugly
Phantom Pods
$ kubectl get pods --all-namespaces \ -o yaml | grep 10.244.18.6 $
Hunting for an IP across all pods, across all namespaces
/data # redis-cli -h 10.244.18.6 \
-p 26379 info | \
grep "redis_version"
redis_version:3.2.1
Surprise!
/data # redis-cli -h 10.244.18.6 -p 26379 10.244.18.6:26379> shutdown not connected>
Kill it with Fire
Teething Tooling Problems
TLS Auth on Kubernetes makes me sad
Well, just with kube-up.sh
// Jumpbox
$ sudo find / -name 'ca.key'
$ <nothing>
So, was it worth it?
Yes.
— Ruiwen
But..
You'll need to get over the learning curve
Persistence might be a problem, despite the convenience
There are rough edges that are still being worked out
*cough*we'rehiring*cough*
Kubernetes for Small Organisations
By Ruiwen Chua
Kubernetes for Small Organisations
Kubernetes for Small Organisations: Is it worth it? [Presented at GeekcampSG 2016]
- 729